Healthcare practitioners\u27 perspectives on the use of e-health applications to support overweight and obese adolescents

The aim of this research was to investigate, from an Australian healthcare practitioners\u27 perspective, whether online and e-health applications could provide support for and be beneficial to overweight and obese adolescents. This research has investigated whether diet and exercise related environmental causes of obesity could be positively affected by using e-health applications to re-educate adolescents about healthy eating and exercise behaviours the research identified what online and electronic resources healthcare practitioners\u27 recommended to their patients, in order to understand how information systems· solutions could better assist these patients in achieving healthier lifestyle outcomes. Additionally, the research investigated what content, features and functionality healthcare practitioners\u27 believed should be incorporated into future e-health initiatives. The research was exploratory in design and attempted to identify future research projects. The research targeted healthcare practitioners who made their contact details publicly available via the Internet, including the online Yellow Pages, and those that routinely treat overweight and obese adolescents. The research had a multidisciplinary approach as practitioners from numerous professions were identified as potential respondents, they included: Aboriginal health experts, cardiologists, child health experts, dietitians, exercise physiologists, general practitioners, health promotion researchers, homeopaths, medical practitioners, naturopaths, nutritionists, nurses, obesity experts, paediatricians, psychiatrists, psychologists, and sports dietitians. The attitude data of these healthcare practitioners is considered to be useful and relevant in regards to the future development of information systems and in designing appropriate resources for patients. Hence, the research was information systems (IS) based, and a survey was selected as the overarching research methodology upon which to conduct this investigation. The theoretical contribution of this research is in the extension of theory relating to the use of electronic support information as it is perceived by Australian healthcare practitioners. Further, this research highlights healthcare practitioners\u27 attitudes towards, and adoption of current e-health technology. These are significant issues given the rapid growth of e-health information on the Internet and patients growing demand for these resources to be made widely available

The Applicability of ISO/IEC27014:2013 For Use Within General Medical Practice

General practices are increasingly cognizant of their responsibilities in regards to information security, as is evidenced by professional bodies such as the Royal Australian College of General Practitioners (RACGP) who publish the Computer and Information Security Standards (CISS) for General Practices. Information security governance in general medical practice is an emerging area of importance. As such, the CISS (2013) standard incorporates elements of information security governance. The International Organization for Standardization (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology -- Security techniques -- Governance of information security. The release of this revised ISO standard, which is applicable to organisations of all sizes, offers a framework against which to assess and implement this governance component of information security within general medical practice. This paper reports on an analysis of this standard to determine how it could be applied to Australian general practice. The paper further reports on two qualitative interviews with information security experts relating to the suitability of utilising this standard within general practice. The results confirm that the governance component of information security. which is currently insufficiently addressed within general practice, requires support in the form of standards, however that developing a security culture is crucial to good governance in medical information security

Developing And Validating A Healthcare Information Security Governance Framework

General medical practices\u27 in Australia are vulnerable to information security threats and insecure practices. It is well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that the human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. The Royal Australian College of General Practitioner\u27s (RACGP) Computer and Information Security Standards (CISS) 2013 are the best practice standards for general practices, against which information security is assessed during practice accreditation. With the release of ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security in May 2013, it is this governance component of information security that is insufficiently addressed within General Practice at present. This paper documents the development and validation of an information security governance framework for use within general medical practice. The aim of the proposed Information Security Governance Framework is to extend current best practice information security management to include information security governance

Secure transmission of shared electronic health records: A review

Paperbased health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient’s consent, to electronically share pertinent health information with a specialist, providing timely information transfer and reducing the need for replicated testing. Australia is in the process of adopting a national approach to an integrated health records solution. The Australian National Ehealth Transition Authority (NEHTA) has released their Interoperability Framework together with specifications and standards for secure messaging in Ehealth. This is expected to promote an environment in which vendors competing for market share will develop medical applications that are interoperable. With an aging population and the baby boomers preparing for retirement, it is anticipated that these initiatives may indirectly help to reduce the anticipated strain on the health care budget. Anticipated secondary benefits include the collection of deidentified information for public health research and the development of health management strategies. This paper discusses NEHTA’s secure transmission initiatives and the resultant security issues related to the transfer of shared EHRs

International Relations and Cyber Attacks: Official and Unofficial Discourse

The potential for cyberwarfare is vast and is of concern to all nations, and national security defence. It appears that many countries are actively trying to protect their computer networks, whilst looking for ways that might bring down the networks of other countries, although this is not officially acknowledged. Bringing down another nations computer networks could give the attacking national intelligence and control. These kinds of interactions are now a part of the way in which international relations are played out, and the internet is also a place in which international relations are contested. As such the internet plays a role in the visualisation and articulation of international relations both officially and unofficially, via official pronouncements and the activities of private citizens. What makes the internet different to other media forms is that the internet also represents a space in which international relations are contested in terms of cyber attacks and information warfare. This paper analyses official and unofficial discourses surrounding the way in which international relations in regards to cyber attacks have been played out via the internet, using North Korea and Stuxnet as case studies

Challenges in Improving Information Security Practice in Australian General

The status of information security in Australian medical general practice is discussed together with a review of the challenges facing small practices that often lack the technical knowledge and skill to secure patient information by themselves. It is proposed that an information security governance framework is required to assist practices in identifying weaknesses and gaps and then to plan and implement how to overcome their shortcomings through policies, training and changes to processes and management structure

An Information Security Governance Framework for Australian Primary Care Health Providers

The competitive nature of business and society means that the protection of information, and governance of the information security function, is increasingly important. This paper introduces the notion of a governance framework for information security for health providers. It refines the idea of an IT Balanced Scorecard into a scorecard process for use in governing information security for primary care health providers, where IT and security skills may be limited. The approach amends and justifies the four main elements of the scorecard process. The existence of a governance framework specifically tailored for the needs of primary care practice is a critical success factor if such organizations are to move to a robust level of information security. The challenge is twofold. Firstly, measures for governance need to be understandable to the target audience using the framework. Secondly, the number of measures needs to be controllable otherwise the process will become unviable and unused. This research synthesizes existing models and industry standards to formulate a new governance process that meets these two important criteria. The contribution of this research is in the refinement of governance metrics to make them useful to healthcare providers, specifically in relation to IT and new information communication technologies

Measuring and applying information security governance within general medical practice

Australia is in the process of adopting a national approach towards the secure electronic exchange of health information. The health information contributions of general practices as the primary point of patient medical care, will be critical to the success of an interoperable national healthcare system. Sharing information creates vulnerabilities by increasing exposure to information security threats. Consequently, improvement in information security practice within general practice may positively contribute towards improved patient care by providing access to timely and accurate information. There is renewed focus within general practice on information security, inter alia the introduction of: the Royal Australian College of General Practitioners (RACGP, 2014) Computer and Information Security Standards (CISS, 2013); privacy law reform in 2014; an evolving national electronic heath record system; litigation relating to information breaches; and continuing Australian public support for mandatory data breach notification legislation.The implementation of reliable information security procedures within general practices will be critical to secure the exchange of confidential patient information. Protecting patient health information requires appropriate security measures in regards to technologies, policies, and procedures as well as ensuring that staff are well trained and aware of these security activities. Adherence to industry standard security activities will enable general practices to take responsibility for their information security thereby minimising the threat of lost or stolen information. To meet the rising number of information security threats, general practices need to adopt a framework of accountability and control to address and demonstrate effective information security management and governance. The governance component of information security remains insufficiently addressed within Australian general practice at present.This thesis demonstrates an application of international standards at a strategic level, and proposes a functional process improvement framework against which general practices can assess and implement effective information security governance. This interpretation and operationalisation of international governance of information security standard ISO/IEC 27014:2013 (ISO, 2013), had not previously been undertaken. Further, application of information security governance within the Australian general practice environment had not previously been undertaken, and formed the basis for establishing a positive information security culture.A qualitative action research methodology was utilised for the collection of national data. Further, iterative action research cycles were applied to develop the practical information security governance framework for use within general practice. Following a review of the literature, a preliminary framework was developed to include industry best practice standards and information security compliance criteria applicable to general practice. This initial governance framework extends the industry security standards developed by the RACGP CISS (2013), ISACA’s COBIT 5 (2012), NEHTA’s NESAF (2012) governance framework and Williams’ TIGS-CMM model (2007c). Information security experts validated the information security governance framework during focus groups and interview data collections, which included representatives from key Australian healthcare organisations.Following development, the governance framework was applied and tested within general practices during iterative cycles of interviews. General practice participants conducted a self-assessment against the framework, responded to semi-structured interview questions, and policy documentation was analysed. The governance framework was revised following these iterations and cycles of action research. The objective of this research method was to achieve a ‘theoretical saturation’ of the theory whereby the patterns in the general practice interviews indicated when no new information was being yielded (Mason 2010). A final cycle of a general practice interview was conducted to verify the appropriateness of the information security governance framework within Australian general practice.The contribution of this research was both theoretical and practical. A holistic governance framework and process was synthesised and formulated, which aimed to assist general practices to meet their legal and industry related compliance security responsibilities, by securing information assets in an escalating threat environment. The governance approach was designed to be achievable and sustainable for general practices over time, whilst encouraging incremental improvement in security performance. To address the people aspect of security, the governance process incorporated a risk-based structure for the review of security breaches and performance measures, to assist in making the necessary governance decisions by amending policies and processes, and accessing the required training. This strategic approach extends international and industry best practice of information security governance for use in Australian general practice, with the aim of improving the protection of confidential health informatio